You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
156 lines
4.4 KiB
156 lines
4.4 KiB
|
|
# HG changeset patch
|
|
# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
|
|
# Date 1500755964 18000
|
|
# Node ID 39961adf974c7e284e3f95d2fc1609da4461d3ff
|
|
# Parent d00b74315a716a62386de06732afdd2822b9f1fd
|
|
RGB: Fixed heap overflow with multiple frames with varying widths.
|
|
|
|
diff -r d00b74315a71 -r 39961adf974c coders/rgb.c
|
|
--- a/coders/rgb.c Sat Jul 22 15:39:14 2017 -0500
|
|
+++ b/coders/rgb.c Sat Jul 22 15:39:24 2017 -0500
|
|
@@ -1,5 +1,5 @@
|
|
/*
|
|
-% Copyright (C) 2003 - 2015 GraphicsMagick Group
|
|
+% Copyright (C) 2003 - 2017 GraphicsMagick Group
|
|
% Copyright (C) 2002 ImageMagick Studio
|
|
% Copyright 1991-1999 E. I. du Pont de Nemours and Company
|
|
%
|
|
@@ -570,19 +570,20 @@
|
|
*/
|
|
static unsigned int WriteRGBImage(const ImageInfo *image_info,Image *image)
|
|
{
|
|
- int
|
|
+ long
|
|
y;
|
|
|
|
register const PixelPacket
|
|
*p;
|
|
|
|
unsigned char
|
|
- *pixels;
|
|
+ *pixels = (unsigned char *) NULL;
|
|
|
|
unsigned int
|
|
status;
|
|
|
|
unsigned int
|
|
+ depth,
|
|
packet_size,
|
|
quantum_size,
|
|
scene;
|
|
@@ -593,27 +594,11 @@
|
|
ExportPixelAreaInfo
|
|
export_info;
|
|
|
|
- /*
|
|
- Allocate memory for pixels.
|
|
- */
|
|
assert(image_info != (const ImageInfo *) NULL);
|
|
assert(image_info->signature == MagickSignature);
|
|
assert(image != (Image *) NULL);
|
|
assert(image->signature == MagickSignature);
|
|
|
|
- if (image->depth <= 8)
|
|
- quantum_size=8;
|
|
- else if (image->depth <= 16)
|
|
- quantum_size=16;
|
|
- else
|
|
- quantum_size=32;
|
|
-
|
|
- packet_size=(quantum_size*3)/8;
|
|
- if (LocaleCompare(image_info->magick,"RGBA") == 0)
|
|
- packet_size=(quantum_size*4)/8;
|
|
- pixels=MagickAllocateArray(unsigned char *,packet_size,image->columns);
|
|
- if (pixels == (unsigned char *) NULL)
|
|
- ThrowWriterException(ResourceLimitError,MemoryAllocationFailed,image);
|
|
if (image_info->interlace != PartitionInterlace)
|
|
{
|
|
/*
|
|
@@ -623,30 +608,70 @@
|
|
if (status == False)
|
|
ThrowWriterException(FileOpenError,UnableToOpenFile,image);
|
|
}
|
|
+
|
|
+ /*
|
|
+ Support depth in multiples of 8 bits.
|
|
+ */
|
|
+ if (image->depth > 16)
|
|
+ depth=32;
|
|
+ else if (image->depth > 8)
|
|
+ depth=16;
|
|
+ else
|
|
+ depth=8;
|
|
+
|
|
+ if (depth <= 8)
|
|
+ quantum_size=8;
|
|
+ else if (depth <= 16)
|
|
+ quantum_size=16;
|
|
+ else
|
|
+ quantum_size=32;
|
|
+
|
|
+ packet_size=(quantum_size*3)/8;
|
|
+ if (LocaleCompare(image_info->magick,"RGBA") == 0)
|
|
+ packet_size=(quantum_size*4)/8;
|
|
+
|
|
scene=0;
|
|
- /*
|
|
- Initialize export options.
|
|
- */
|
|
- ExportPixelAreaOptionsInit(&export_options);
|
|
- if (image->endian != UndefinedEndian)
|
|
- export_options.endian=image->endian;
|
|
- else if (image_info->endian != UndefinedEndian)
|
|
- export_options.endian=image_info->endian;
|
|
- if (image->logging)
|
|
- (void) LogMagickEvent(CoderEvent,GetMagickModule(),
|
|
- "Depth %u bits, Endian %s, Interlace %s",
|
|
- quantum_size,
|
|
- EndianTypeToString(export_options.endian),
|
|
- InterlaceTypeToString(image_info->interlace));
|
|
do
|
|
{
|
|
/*
|
|
+ Allocate memory for pixels.
|
|
+ */
|
|
+ MagickReallocMemory(unsigned char *,pixels,
|
|
+ MagickArraySize(packet_size,image->columns));
|
|
+ if (pixels == (unsigned char *) NULL)
|
|
+ ThrowWriterException(ResourceLimitError,MemoryAllocationFailed,image);
|
|
+
|
|
+ /*
|
|
+ Initialize export options.
|
|
+ */
|
|
+ ExportPixelAreaOptionsInit(&export_options);
|
|
+ if (image->endian != UndefinedEndian)
|
|
+ export_options.endian=image->endian;
|
|
+ else if (image_info->endian != UndefinedEndian)
|
|
+ export_options.endian=image_info->endian;
|
|
+
|
|
+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
|
|
+ "%lu: "
|
|
+ "Geometry %lux%lu, "
|
|
+ "Depth %u bits, "
|
|
+ "Endian %s, "
|
|
+ "Packet Size %u, "
|
|
+ "Row bytes %" MAGICK_SIZE_T_F "u",
|
|
+ image->scene,
|
|
+ image->columns,image->rows,
|
|
+ quantum_size,
|
|
+ EndianTypeToString(export_options.endian),
|
|
+ packet_size,
|
|
+ (MAGICK_SIZE_T) MagickArraySize(packet_size,image->columns));
|
|
+
|
|
+ /*
|
|
Convert MIFF to RGB raster pixels.
|
|
*/
|
|
(void) TransformColorspace(image,RGBColorspace);
|
|
if (LocaleCompare(image_info->magick,"RGBA") == 0)
|
|
if (!image->matte)
|
|
SetImageOpacity(image,OpaqueOpacity);
|
|
+
|
|
switch (image_info->interlace)
|
|
{
|
|
case NoInterlace:
|
|
|